AWS Marketplace Rule Groups

AWS WAF provides AWS Marketplace rule groups to help you protect your
resources. AWS Marketplace rule groups are collections of predefined, ready-to-use
rules that are
written and updated by AWS and AWS partner companies.

Some AWS Marketplace rule groups are designed to help protect specific types of web
applications like WordPress, Joomla, or PHP. Other AWS Marketplace rule groups offer
broad
protection against known threats or common web application vulnerabilities, such
as those
listed in the OWASP Top 10.

You can install a single AWS Marketplace rule group from your preferred AWS partner
and also add your own customized AWS WAF
rules for increased protection. If you are subject to regulatory compliance like
PCI or
HIPAA, you might be able to use AWS Marketplace rule groups to satisfy web application
firewall requirements.

AWS Marketplace rule groups are available with no long-term
contracts,
and no minimum commitments. You are charged a monthly fee (pro-rated hourly) when
subscribed to a rule group as well
as ongoing request volume-based fees. For more
information, see AWS WAF Pricing as
well as the description for each AWS Marketplace rule group on AWS Marketplace.

Automatic Updates

Keeping up to date on the constantly changing threat landscape can be time consuming
and expensive. AWS Marketplace rule groups can save you time when you implement
and
use AWS WAF. Another benefit is that AWS and our AWS partners automatically update
AWS Marketplace rule groups when new vulnerabilities and threats emerge.

Many of our partners are notified of new vulnerabilities before public
disclosure. They can update their rule groups and deploy them to you even before
a new
threat is widely known. Many also have threat research teams to investigate and
analyze the most recent threats in order to write the most relevant rules.

Access to the Rules in an AWS
Marketplace Rule Group

Each AWS Marketplace rule group provides a comprehensive description of the types
of
attacks and vulnerabilities that it's designed to protect against. To protect the
intellectual property of the rule group providers, you can't view the individual
rules
within a rule group. This restriction also helps to keep malicious users from designing
threats that specifically circumvent published rules.

Because you can’t view individual rules in an AWS Marketplace rule group, you also
can't edit any rules in a rule group. However, you can enable or disable entire
rule
groups, as well as choose the rule group action to perform. See
Use AWS Marketplace Rule Groups for more information.

Limits

You can enable only one AWS Marketplace rule group. This rule group counts towards
the 10 rule limit per web ACL. Therefore you can have one AWS Marketplace rule group
and up to nine custom rules in a single web ACL.

Pricing

For AWS Marketplace rule group pricing, see AWS WAF Pricing as well as the
description for each AWS Marketplace rule group on AWS Marketplace.

Use AWS Marketplace Rule Groups

You can subscribe to and unsubscribe from AWS Marketplace rule groups on the AWS WAF
console.

When adding a rule group to a web ACL, the action you set for the rule group (either
No override or Override to count) is called the rule group override action. For more information, see Rule Group Override.

Remove the rule group from all web ACLs. For more information, see Editing a Web ACL.

In the navigation pane, choose Marketplace.

Choose Manage your subscriptions.

Choose Cancel subscription next to the name of the rule group that you want to
unsubscribe from.

Choose Yes, cancel subscription.

Rule Group Override

AWS Marketplace rule groups have two possible actions: No override and Override to count. If you want to test the rule group, set the action to Override to count. This rule group action will then override any block action specified by individual rules contained within the group. That is, if the
rule group's action is set to Override to count, instead of potentially blocking matching requests based on the action of individual
rules within the group, those requests will be counted. Conversely, if you set the
rule group's action to No override, actions of the individual rules within the group will be used.

Troubleshooting AWS
Marketplace Rule Groups

If you find that an AWS Marketplace rule group is blocking legitimate traffic,
perform the following steps.

To troubleshoot an
AWS Marketplace rule group

Change the action for the AWS Marketplace rule group from
No override to Override to count. This allows the
web request to pass through, regardless of the individual rule actions within
the rule group. This also provides you with Amazon CloudWatch metrics for the
rule
group.

After setting the AWS Marketplace rule group action to
Override to count, contact the rule group provider‘s customer
support team to further troubleshoot the issue. For contact information, see
rule group listing on the product listing pages on AWS Marketplace.

Contacting Customer
Support

For problems with AWS WAF or a rule group that is managed by AWS, contact AWS
Support. For problems with a rule group that is managed by an AWS partner, contact
that partner's customer support team. To find partner contact information, see
the
partner’s listing on AWS Marketplace.